Omega Owners Forum
Chat Area => General Discussion Area => Topic started by: Mr Skrunts on 21 August 2013, 01:29:08
-
I have various online mail accounts such as Hotmail and Yahoo.
Although there is nothing worth worrying about in my accounts it seems I have some of my mail being read, I keep my mail account logged in on the Yahoo account both on my PC and Android Mobile.
Simple option is to change the password, but out of interest I was wondering if there was any way of monitoring or finding out who is actually accessing my mail account.
TIA :y
-
I had a similar thing a few years ago, where some messages had been opened and read in my Hotmail account. >:(
It happened a few times and I suspected that an ex girlfriend had worked out my password, which I changed and it never happened again. ::)
-
Only the provider will have access to the logs from which they can find out the source of the breach.
Passwords are easy to make rememberable and secure, but here are a few tips:
- Make sure the password is at least 9 characters long (rainbow tables are easy to fabricate up to 8 characters long and can be used to reverse lookup a hashed or encrypted password string, at 9 characters the combinations get more and more complicated)
- The best way of making a very secure password is the phrase method combined with a bit of transposing
1. Think of a phrase you know off by heart. eg The rain in spain falls mainly on the plain
2. Take every 2nd, 3rd or 4th letter. If there are fewer letters than your count then cycle the word until your count stops. eg 3rd letter of the phrase above is - eiialioea.
3. You can then do things like making it back to front, changing some letters for symbols (a = @, e = €, I = 1, etc) or capitals. As long as you follow a method you can remember.
4. By making every second character a symbol and then changing the remaining letters to alternating capitals "The rain in Spain falls mainly on the plain" becomes - e!I@l!o€A. A very secure password that is difficult to hack, it would require a brute force attack which using current technology would take several thousand years to break.
- This does not mean you are not susceptible to shoulder surfing or keyloggers included in malware so you should also take precautions about those.
- The key advantage about this technique is a resistance to Social Engineering, which is the biggest growth area in current attacks. Even if they know or figure out your favourite phrase, by transposing and modifying it you make it personal and difficult to guess further. You can also use a written phrase as long as you don't write down the rest of the logic you apply to it.
- All that said a password is useless if you cannot remember it so choose it wisely :y
-
I have a unique way of creating passwords that I use for banking and online shopping accounts, but mail accounts etc I use a long password of mixed characters but never change it, so it may be simple to work out who may have seen me log in and they have had a nosy through my mail, which is daft really as they could have looked through my mail simply by asking, I have nothing to hide.
The other thing that is getting up my nose are the silly idiots who try it on using PayPal front ends, makes me wonder how they get the details in the first place, or say I have a huge inheritance due please forward details. Don't they realise it's so simple to hit reply and check the properties of the sender's mail addy.
-
Ah, a discussion on passwords...
(http://imgs.xkcd.com/comics/password_strength.png)
From http://xkcd.com/936/
-
While better at resisting brute force, the problem with the random words technique is that it is vulnerable to dictionary attacks. Better to have one that is resistant to both :y
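
Added example, not part of any post in this thread: a Python sketch that reproduces step 2 of the phrase method described earlier and compares blind brute-force search spaces for the resulting passwords with the four-random-word passphrase from the xkcd 936 comic linked above. The function names and the 32-symbol pool are assumptions of this example; the 2048-word list and the 1000 guesses per second are the comic's own figures.

```python
import math
import re
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def nth_letters(phrase, n=3):
    """Step 2 of the post: n-th letter of every word, cycling through
    words shorter than n (for 'in' and n=3 the count runs i, n, i)."""
    words = re.findall(r"[A-Za-z]+", phrase)
    return "".join(w[(n - 1) % len(w)] for w in words).lower()

def alphabet_size(password):
    """Character pool a blind search has to cover, judged by the
    character classes that actually occur in the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += len(string.punctuation)  # assumption: 32 ASCII symbols
    return size

def brute_force_bits(password):
    """Upper bound: log2 of the blind search space. Knowledge of the
    phrase or the method shrinks the real figure."""
    return len(password) * math.log2(alphabet_size(password))

def passphrase_bits(word_count, wordlist_size):
    """Words drawn at random from a list the attacker is assumed to know."""
    return word_count * math.log2(wordlist_size)

def years_to_exhaust(bits, guesses_per_second):
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    phrase = "The rain in spain falls mainly on the plain"
    candidates = {
        "step 2 only": nth_letters(phrase),   # eiialioea
        "post's step 4 result": "e!I@l!o€A",  # value quoted from the post
    }
    for label, pw in candidates.items():
        print(f"{label:22} {pw:10} {brute_force_bits(pw):5.1f} bits")
    xkcd = passphrase_bits(4, 2048)  # xkcd 936: four words, 11 bits each
    print(f"{'four random words':33} {xkcd:5.1f} bits")
    print(f"{years_to_exhaust(xkcd, 1000):.0f} years at 1000 guesses/s")
```

The time estimate scales directly with the guess rate, so the same bit count gives very different answers for a rate-limited login form and for a leaked hash database.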
-
Some of the online email accounts are big enough to warrant some spending time to look for flaws in the software that runs them...
...sometimes, small is better.
-
Sorry TB, you lost me there (easy, I know)
What do you mean?
-
With potentially access to 10m or more email accounts, it's worth hackers spending a bit of time trying to break in at the system/server level, rather than at individual mailbox level.
-
Ah OK, I see now, thanks.
-
These days I always use 10+ random letters, punctuation and numbers as brute force attacks seem to be becoming more common, especially from China.
Personally, I would happily shoot malicious hackers and spammers in front of their families.
I really hate malicious hackers and spammers.
Did I tell you I really loathe malicious hackers and spammers?
-
They keep me very busy (and very employed) :y
-
Hmmmm maybe I should review my simplistic approach to passwords..... :-\ After all, if an Ex can work it out... ::) :-[ ;D
Trouble is I have the memory of a goldfish..... ::) Why am I talking about goldfish? Hmmmm :-\ :-[
-
Given PRISM and the fact that GCHQ and the CIA/NSA have been reading all your mail anyway.. is it really a concern? ;D
-
Yes, because all of the above will only use human intervention when certain keywords or phrases are flagged by the massively parallel monitoring and signal processing computers. Just say a few keywords of interest to the intelligence services and I'm sure you will make a whole bunch of new and interesting friends ::) :o ;D ;D ;D whereas malicious hackers, being criminals, have a much simpler motive, they want your money for as little work as possible, so go on, you know you want to use long random characters for passwords, so they really have to work for the contents of your wallet. ::) ;D ;D ;D